Purview DLP - Reporting blocked Teams messages to admin

Oliver Freund 0

Hi all,

In teams we have the option to report messages blocked by DLP "to my admin":

Does anyone know how this feature works, and to which admin those reports will be sent? I checked in Communication Compliance, but nothing ends up there.

Glad to receive any leads :-)

Kind regards,

Oliver

Oliver Freund 0 Reputation points

2025-02-03T13:50:58.7933333+00:00
@phemanth thanks for taking your time to answer!

I do have the permission to view DLP alerts and incidents, and also the ones required for creating/editing policies. In the policies I have enabled all possible types of notifications. But I do not receive anything.

Do you know the answer for the following questions? This would help me to troubleshoot further.

Should I receive this report via email, or will it be in a portal (e.g. Compliance Portal)?

Which particular roles are considered as recipients for this notification?

Which particular notification-setting in the policy is responsible for this notification?

Thank you and kind regards,

Oliver
phemanth 13,900 Reputation points Microsoft Vendor

2025-02-04T14:48:42.08+00:00
@Oliver FreundI'm glad to help further! Let's address your questions one by one:

Should I receive this report via email, or will it be in a portal (e.g., Compliance Portal)?

DLP alerts and notifications can be configured to be sent via email or viewed in the Microsoft Purview compliance portal. Email notifications are typically sent to the designated recipients specified in the DLP policy settings1. Additionally, you can view and manage DLP alerts in the Microsoft Purview compliance portal under the DLP alert management dashboard.

Which particular roles are considered as recipients for this notification?

The roles that can receive DLP notifications include Compliance Administrator and Compliance Data Administrator2. These roles have the necessary permissions to view and manage DLP alerts and incidents. Ensure that the administrators assigned to these roles are correctly configured in the Microsoft Purview compliance portal.

Which particular notification-setting in the policy is responsible for this notification?

In the DLP policy settings, you need to configure the notification options for each rule. This includes specifying the recipients for email notifications and customizing the notification message1. Make sure that the "Send email notification" option is enabled and that the correct recipients are specified. Additionally, verify that the DLP policy is set to generate alerts for the specific conditions you are monitoring.

If you have already configured these settings and still do not receive notifications, it might be helpful to review the audit logs in the Microsoft Purview compliance portal to ensure that the DLP policies are being triggered as expected.

:Send email notifications and show policy tips for DLP policies

:Get started with data loss prevention alerts

:Is it possible to set up email notification to admins if a user
phemanth 13,900 Reputation points Microsoft Vendor

2025-02-05T18:54:00.8433333+00:00

@Oliver Freund We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Oliver Freund 0 Reputation points

2025-02-18T14:46:15.0833333+00:00

Dear @phemanth , thanks for taking your time to answer this.

I think we might have a misunderstanding.

Alerts from triggered policies are working flawlessly. I can see the alerts and the notifications.

I only want to know where the feedback ends up if someone reports a DLP-block "to the admin" in teams.

Kind regards,

Oliver
phemanth 13,900 Reputation points Microsoft Vendor

2025-02-18T18:13:51.8966667+00:00
@Oliver Freund

Thank you for clarifying,

When a user reports a DLP-blocked message "to the admin" in Microsoft Teams, the feedback typically ends up in the Microsoft Purview compliance portal. Specifically, it should be visible under the DLP alert management dashboard or within the Communication Compliance section, depending on how your policies are configured.

To ensure you are seeing these reports, you might want to:

Check the DLP Alert Management Dashboard: Navigate to the DLP alert management section in the Microsoft Purview compliance portal to see if the reports are listed there.

Review Communication Compliance Policies: Ensure that your communication compliance policies are set up to capture and review these reported messages.

1 answer

phemanth 13,900 Reputation points Microsoft Vendor

2025-02-03T13:35:44.3033333+00:00
@Oliver Freund

Welcome to the Microsoft Q&A forum.

When a message is blocked by Data Loss Prevention (DLP) in Microsoft Teams and reported "to my admin," the report is typically sent to the administrators who have the appropriate permissions to view DLP alerts and incidents. These administrators are usually defined in the Microsoft Purview compliance portal.

To ensure that the reports are being sent to the correct admin, you can check the following:

DLP Alerts Configuration: Verify that the DLP policies are configured to send alerts to the designated administrators. This can be done in the Microsoft Purview compliance portal under the DLP policy settings.

Audit Logs: You can audit messages detected by DLP rules in Microsoft Teams by navigating to the Audit page in the Microsoft Purview compliance portal. From there, you can specify the date range and select the relevant activities and workloads to generate a report.

Communication Compliance: Ensure that the communication compliance policies are set up correctly to capture and review reported messages. This can be managed in the Microsoft Purview compliance portal under the Communication Compliance section.

If you still don't see the reports, it might be helpful to review the permissions and roles assigned to the administrators to ensure they have the necessary access to view DLP incidents.

I hope the above steps will resolve the issue, please do let us know if issue persists. Thank you
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Purview DLP - Reporting blocked Teams messages to admin

1 answer

Your answer